From 1c707c22ffe5b78f463a80974abfcff264efc009 Mon Sep 17 00:00:00 2001 From: NikitaShyrei Date: Thu, 7 Nov 2024 19:08:50 +0100 Subject: [PATCH 01/12] - added Dockerfile --- intel-sgx/ppid-decryption-tool/Dockerfile | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 intel-sgx/ppid-decryption-tool/Dockerfile diff --git a/intel-sgx/ppid-decryption-tool/Dockerfile b/intel-sgx/ppid-decryption-tool/Dockerfile new file mode 100644 index 00000000..e69de29b From 6d1b32df2d73addfc8df2319bc1c5cee2e46c1ec Mon Sep 17 00:00:00 2001 From: NikitaShyrei Date: Thu, 7 Nov 2024 19:08:55 +0100 Subject: [PATCH 02/12] -changes --- intel-sgx/ppid-decryption-tool/Dockerfile | 98 +++++++++++++++++++++++ 1 file changed, 98 insertions(+) diff --git a/intel-sgx/ppid-decryption-tool/Dockerfile b/intel-sgx/ppid-decryption-tool/Dockerfile index e69de29b..b17347fa 100644 --- a/intel-sgx/ppid-decryption-tool/Dockerfile +++ b/intel-sgx/ppid-decryption-tool/Dockerfile 
@@ -0,0 +1,98 @@ +From ubuntu:focal as sgx_sdk + +RUN apt-get update +RUN DEBIAN_FRONTEND="noninteractive" TZ="America/New_York" apt-get install -y git build-essential python + +# Install user +RUN useradd -rm -d /home/raoul -s /bin/bash -g root -G sudo -u 1000 raoul +SHELL ["/bin/bash", "-o", "pipefail", "-c"] +RUN echo 'raoul:raoul' | chpasswd +USER raoul +WORKDIR /home/raoul + +# Install SGX Dev tools +USER root +RUN DEBIAN_FRONTEND="noninteractive" TZ="America/New_York" apt-get install -y build-essential ocaml ocamlbuild automake autoconf libtool wget python-is-python3 libssl-dev git cmake perl unzip libboost-dev libboost-system-dev libboost-thread-dev + +USER raoul +RUN git clone https://github.com/intel/linux-sgx.git +WORKDIR linux-sgx +RUN make preparation +RUN ls external/toolset/ +USER root +RUN cp external/toolset/ubuntu20.04/* /usr/local/bin +USER raoul + +RUN make sdk +RUN make sdk_install_pkg +RUN ls linux/installer/bin + +USER root +RUN apt-get install -y pkg-config +RUN bash -c "echo yes | ./$(find linux/installer/bin/ -name 'sgx_linux_x64_sdk*')" + +# Install SGX DCAP primitives +USER root +RUN apt-get install -y protobuf-c-compiler libprotobuf-c-dev protobuf-compiler +RUN apt-get install -y libboost-dev libboost-system-dev +RUN apt-get install -y libcurl4-openssl-dev +USER raoul +RUN git clone https://github.com/intel/SGXDataCenterAttestationPrimitives.git +WORKDIR SGXDataCenterAttestationPrimitives +RUN git submodule update --init +RUN QuoteGeneration/download_prebuilt.sh +RUN source /home/raoul/linux-sgx/sgxsdk/environment && make + +WORKDIR tools/PCKCertSelection +USER root +RUN apt-get install -y zip +USER raoul +RUN make + +USER root +RUN apt-get install -y debhelper +# Bugfix: The `make deb_pkg` command results in a check whether systemd is installed +RUN mkdir -p /run/systemd/system/ +USER raoul +WORKDIR ../../tools/SGXPlatformRegistration +RUN source /home/raoul/linux-sgx/sgxsdk/environment && make +RUN source 
/home/raoul/linux-sgx/sgxsdk/environment && make deb_pkg +USER root +RUN bash -c 'rm -rf /run/systemd' + +# installed to: +# ~/linux-sgx/SGXDataCenterAttestationPrimitives/tools/SGXPlatformRegistration/build/installer/ + +# Install SGX runtime libraries +USER root +RUN apt-get install sudo +RUN echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list +RUN wget https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key +RUN mkdir /etc/apt/keyrings +RUN cat intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null +RUN apt-get update +RUN apt-get upgrade -y +RUN apt-get update +RUN apt-get install -y libsgx-urts libsgx-epid libsgx-quote-ex libsgx-dcap-ql + +# Setup aesmd service in container +USER root +RUN bash -c 'mkdir /var/run/aesmd' +RUN bash -c 'chown -c raoul /var/run/aesmd' + +# Preparing to run PCKIDRetrievalTool +USER root +RUN bash -c 'apt-get install -y screen' + +From sgx_sdk +USER root + +WORKDIR ppid-tool +COPY Enclave Enclave +COPY pce pce +COPY main.c main.c +COPY Makefile Makefile + +RUN source /home/raoul/linux-sgx/sgxsdk/environment && make + +ENTRYPOINT bash From fd4e7834b697f61ac9e5fb39b1c32884da6c1861 Mon Sep 17 00:00:00 2001 From: NikitaShyrei Date: Tue, 12 Nov 2024 12:46:01 +0100 Subject: [PATCH 03/12] - added apt-get update - renamed user --- intel-sgx/ppid-decryption-tool/Dockerfile | 29 ++++++++++++----------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/intel-sgx/ppid-decryption-tool/Dockerfile b/intel-sgx/ppid-decryption-tool/Dockerfile index b17347fa..0ce39790 100644 --- a/intel-sgx/ppid-decryption-tool/Dockerfile +++ b/intel-sgx/ppid-decryption-tool/Dockerfile 
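Review bot: The account created by `useradd ... -g root -G sudo ...` gets a password equal to its user name through `RUN echo 'raoul:raoul' | chpasswd`, so every image built from this file ships a sudo-capable login whose credential is readable in the Dockerfile and in the image history. The build already switches to `USER root` wherever it needs privileges, so the password serves no purpose. Drop the `chpasswd` line and, if nothing relies on the group memberships, create the user without them: `RUN useradd -rm -d /home/raoul -s /bin/bash -u 1000 raoul`. The same pattern survives the rename to `ppid-tool` in PATCH 03 and the uid change in PATCH 07, and `sudo` itself is installed further down in this hunk.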
@@ -4,24 +4,25 @@ RUN apt-get update RUN DEBIAN_FRONTEND="noninteractive" TZ="America/New_York" apt-get install -y git build-essential python # Install user -RUN useradd -rm -d /home/raoul -s /bin/bash -g root -G sudo -u 1000 raoul +RUN useradd -rm -d /home/ppid-tool -s /bin/bash -g root -G sudo -u 1000 ppid-tool SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN echo 'raoul:raoul' | chpasswd -USER raoul -WORKDIR /home/raoul +RUN echo 'ppid-tool:ppid-tool' | chpasswd +USER ppid-tool +WORKDIR /home/ppid-tool # Install SGX Dev tools USER root +RUN apt-get update RUN DEBIAN_FRONTEND="noninteractive" TZ="America/New_York" apt-get install -y build-essential ocaml ocamlbuild automake autoconf libtool wget python-is-python3 libssl-dev git cmake perl unzip libboost-dev libboost-system-dev libboost-thread-dev -USER raoul +USER ppid-tool RUN git clone https://github.com/intel/linux-sgx.git WORKDIR linux-sgx RUN make preparation RUN ls external/toolset/ USER root RUN cp external/toolset/ubuntu20.04/* /usr/local/bin -USER raoul +USER ppid-tool RUN make sdk RUN make sdk_install_pkg 
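Review bot: The added `RUN apt-get update` sits in its own layer ahead of the install, so a cached index layer can be reused while the package list in the following `RUN` changes. The install then resolves against stale metadata and either fails or pulls outdated package versions. Fold the two steps into one and remove the lists in the same layer: `RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y <packages> && rm -rf /var/lib/apt/lists/*`. The same split reappears in PATCH 08 (`RUN apt-get update` before `build-essential`) and in PATCH 12 (before `libsgx-urts`).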
@@ -36,27 +37,27 @@ USER root RUN apt-get install -y protobuf-c-compiler libprotobuf-c-dev protobuf-compiler RUN apt-get install -y libboost-dev libboost-system-dev RUN apt-get install -y libcurl4-openssl-dev -USER raoul +USER ppid-tool RUN git clone https://github.com/intel/SGXDataCenterAttestationPrimitives.git WORKDIR SGXDataCenterAttestationPrimitives RUN git submodule update --init RUN QuoteGeneration/download_prebuilt.sh -RUN source /home/raoul/linux-sgx/sgxsdk/environment && make +RUN source /home/ppid-tool/linux-sgx/sgxsdk/environment && make WORKDIR tools/PCKCertSelection USER root RUN apt-get install -y zip -USER raoul +USER ppid-tool RUN make USER root RUN apt-get install -y debhelper # Bugfix: The `make deb_pkg` command results in a check whether systemd is installed RUN mkdir -p /run/systemd/system/ -USER raoul +USER ppid-tool WORKDIR ../../tools/SGXPlatformRegistration -RUN source /home/raoul/linux-sgx/sgxsdk/environment && make -RUN source /home/raoul/linux-sgx/sgxsdk/environment && make deb_pkg +RUN source /home/ppid-tool/linux-sgx/sgxsdk/environment && make +RUN source /home/ppid-tool/linux-sgx/sgxsdk/environment && make deb_pkg USER root RUN bash -c 'rm -rf /run/systemd' @@ -78,7 +79,7 @@ RUN apt-get install -y libsgx-urts libsgx-epid libsgx-quote-ex libsgx-dcap-ql # Setup aesmd service in container USER root RUN bash -c 'mkdir /var/run/aesmd' -RUN bash -c 'chown -c raoul /var/run/aesmd' +RUN bash -c 'chown -c ppid-tool /var/run/aesmd' # Preparing to run PCKIDRetrievalTool USER root @@ -93,6 +94,6 @@ COPY pce pce COPY main.c main.c COPY Makefile Makefile -RUN source /home/raoul/linux-sgx/sgxsdk/environment && make +#RUN source /home/ppid-tool/linux-sgx/sgxsdk/environment && make ENTRYPOINT bash From fa7a564031c189215965d0e6458d7f154bdad846 Mon Sep 17 00:00:00 2001 
From: NikitaShyrei Date: Tue, 12 Nov 2024 12:59:00 +0100 Subject: [PATCH 04/12] - added separate runtime image --- intel-sgx/ppid-decryption-tool/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/intel-sgx/ppid-decryption-tool/Dockerfile b/intel-sgx/ppid-decryption-tool/Dockerfile index 0ce39790..554bfce6 100644 --- a/intel-sgx/ppid-decryption-tool/Dockerfile +++ b/intel-sgx/ppid-decryption-tool/Dockerfile @@ -63,7 +63,7 @@ RUN bash -c 'rm -rf /run/systemd' # installed to: # ~/linux-sgx/SGXDataCenterAttestationPrimitives/tools/SGXPlatformRegistration/build/installer/ - +From sgx_sdk as ppid-runtime # Install SGX runtime libraries USER root RUN apt-get install sudo @@ -85,7 +85,7 @@ RUN bash -c 'chown -c ppid-tool /var/run/aesmd' USER root RUN bash -c 'apt-get install -y screen' -From sgx_sdk +From ppid-runtime USER root WORKDIR ppid-tool @@ -94,6 +94,6 @@ COPY pce pce COPY main.c main.c COPY Makefile Makefile -#RUN source /home/ppid-tool/linux-sgx/sgxsdk/environment && make +RUN source /home/ppid-tool/linux-sgx/sgxsdk/environment && make ENTRYPOINT bash From 077d48520f1c1f7a0e846ac2980cb0e61e02a115 Mon Sep 17 00:00:00 2001 From: NikitaShyrei Date: Fri, 15 Nov 2024 13:50:04 +0100 Subject: [PATCH 05/12] - added github actions file --- .github/workflows/build-docker-images.yml | 28 +++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 .github/workflows/build-docker-images.yml diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml new file mode 100644 index 00000000..d7c1b0ea --- /dev/null +++ b/.github/workflows/build-docker-images.yml 
@@ -0,0 +1,28 @@ +# This workflow is used to build docker images + +name: Docker Image CI + +on: + push: + branches: ["master"] + paths: + - "intel-sgx/ppid-retrieval-tool/**" + - ".github/workflows/**" + pull_request: + branches: ["master"] + paths: + - "intel-sgx/ppid-retrieval-tool/**" + - ".github/workflows/**" + +jobs: + + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - name: Build the Docker image + run: | + cd intel-sgx/ppid-retrieval-tool + docker build -t ppid-retrieval-tool:$(date +%s) . \ No newline at end of file From ac7119d265b0ed0eeb248454d2d4c5cf842ed223 Mon Sep 17 00:00:00 2001 From: NikitaShyrei Date: Sun, 17 Nov 2024 18:00:09 +0100 Subject: [PATCH 06/12] - code review changes --- .github/workflows/build-docker-images.yml | 5 +++-- intel-sgx/ppid-decryption-tool/Dockerfile | 5 +---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml index d7c1b0ea..fb67388d 100644 --- a/.github/workflows/build-docker-images.yml +++ b/.github/workflows/build-docker-images.yml @@ -1,4 +1,4 @@ -# This workflow is used to build docker images +# This workflow is used to build docker image for ppid-retrieval-tool name: Docker Image CI @@ -25,4 +25,5 @@ jobs: - name: Build the Docker image run: | cd intel-sgx/ppid-retrieval-tool - docker build -t ppid-retrieval-tool:$(date +%s) . \ No newline at end of file + docker build -t ppid-retrieval-tool:$(date +%s) . + \ No newline at end of file diff --git a/intel-sgx/ppid-decryption-tool/Dockerfile b/intel-sgx/ppid-decryption-tool/Dockerfile index 554bfce6..61fba419 100644 --- a/intel-sgx/ppid-decryption-tool/Dockerfile +++ b/intel-sgx/ppid-decryption-tool/Dockerfile 
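Review bot: The workflow declares no `permissions:` block, so the job's `GITHUB_TOKEN` receives the repository's default scopes although the only steps are a checkout and a local `docker build`. Add a top-level `permissions:` with `contents: read`, and consider pinning `actions/checkout@v4` to a full commit SHA, since a tag can be moved. Separately, the path filters and the `cd intel-sgx/ppid-retrieval-tool` step name a directory that does not hold the Dockerfile as of this patch (it stays under `ppid-decryption-tool` until PATCH 10), so the build step would presumably fail until then.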
@@ -81,10 +81,7 @@ USER root RUN bash -c 'mkdir /var/run/aesmd' RUN bash -c 'chown -c ppid-tool /var/run/aesmd' -# Preparing to run PCKIDRetrievalTool -USER root -RUN bash -c 'apt-get install -y screen' - +# Preparing to build PCKIDRetrievalTool From ppid-runtime USER root From d9c6004923006e01ab23a4f40428e58bc5fd7040 Mon Sep 17 00:00:00 2001 From: NikitaShyrei Date: Tue, 19 Nov 2024 12:47:45 +0100 Subject: [PATCH 07/12] - code review changes - removed tons of unnecessary packages --- intel-sgx/ppid-decryption-tool/Dockerfile | 83 +++++------------------ 1 file changed, 16 insertions(+), 67 deletions(-) diff --git a/intel-sgx/ppid-decryption-tool/Dockerfile b/intel-sgx/ppid-decryption-tool/Dockerfile index 61fba419..5fc8c6df 100644 --- a/intel-sgx/ppid-decryption-tool/Dockerfile +++ b/intel-sgx/ppid-decryption-tool/Dockerfile @@ -1,10 +1,7 @@ -From ubuntu:focal as sgx_sdk - -RUN apt-get update -RUN DEBIAN_FRONTEND="noninteractive" TZ="America/New_York" apt-get install -y git build-essential python +FROM ubuntu:24.04 as sgx_sdk # Install user -RUN useradd -rm -d /home/ppid-tool -s /bin/bash -g root -G sudo -u 1000 ppid-tool +RUN useradd -rm -d /home/ppid-tool -s /bin/bash -g root -G sudo -u 1010 ppid-tool SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN echo 'ppid-tool:ppid-tool' | chpasswd USER ppid-tool 
@@ -12,69 +9,21 @@ WORKDIR /home/ppid-tool # Install SGX Dev tools USER root -RUN apt-get update -RUN DEBIAN_FRONTEND="noninteractive" TZ="America/New_York" apt-get install -y build-essential ocaml ocamlbuild automake autoconf libtool wget python-is-python3 libssl-dev git cmake perl unzip libboost-dev libboost-system-dev libboost-thread-dev - -USER ppid-tool -RUN git clone https://github.com/intel/linux-sgx.git -WORKDIR linux-sgx -RUN make preparation -RUN ls external/toolset/ -USER root -RUN cp external/toolset/ubuntu20.04/* /usr/local/bin -USER ppid-tool - -RUN make sdk -RUN make sdk_install_pkg -RUN ls linux/installer/bin - -USER root -RUN apt-get install -y pkg-config -RUN bash -c "echo yes | ./$(find linux/installer/bin/ -name 'sgx_linux_x64_sdk*')" - -# Install SGX DCAP primitives -USER root -RUN apt-get install -y protobuf-c-compiler libprotobuf-c-dev protobuf-compiler -RUN apt-get install -y libboost-dev libboost-system-dev -RUN apt-get install -y libcurl4-openssl-dev -USER ppid-tool -RUN git clone https://github.com/intel/SGXDataCenterAttestationPrimitives.git -WORKDIR SGXDataCenterAttestationPrimitives -RUN git submodule update --init -RUN QuoteGeneration/download_prebuilt.sh -RUN source /home/ppid-tool/linux-sgx/sgxsdk/environment && make +RUN apt-get update && apt-get install -y \ + gnupg \ + wget -WORKDIR tools/PCKCertSelection -USER root -RUN apt-get install -y zip -USER ppid-tool -RUN make +RUN echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' > /etc/apt/sources.list.d/intel-sgx.list +RUN wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - +RUN apt-get update -USER root -RUN apt-get install -y debhelper -# Bugfix: The `make deb_pkg` command results in a check whether systemd is installed -RUN mkdir -p /run/systemd/system/ -USER ppid-tool -WORKDIR ../../tools/SGXPlatformRegistration -RUN source /home/ppid-tool/linux-sgx/sgxsdk/environment && make -RUN source 
/home/ppid-tool/linux-sgx/sgxsdk/environment && make deb_pkg -USER root -RUN bash -c 'rm -rf /run/systemd' +# App build time dependencies +RUN apt-get install -y build-essential -# installed to: -# ~/linux-sgx/SGXDataCenterAttestationPrimitives/tools/SGXPlatformRegistration/build/installer/ -From sgx_sdk as ppid-runtime -# Install SGX runtime libraries -USER root -RUN apt-get install sudo -RUN echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list -RUN wget https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key -RUN mkdir /etc/apt/keyrings -RUN cat intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null -RUN apt-get update -RUN apt-get upgrade -y -RUN apt-get update -RUN apt-get install -y libsgx-urts libsgx-epid libsgx-quote-ex libsgx-dcap-ql +WORKDIR /opt/intel +RUN wget https://download.01.org/intel-sgx/sgx-linux/2.22/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.22.100.3.bin +RUN chmod +x sgx_linux_x64_sdk_2.22.100.3.bin +RUN echo 'yes' | ./sgx_linux_x64_sdk_2.22.100.3.bin # Setup aesmd service in container USER root @@ -82,7 +31,7 @@ RUN bash -c 'mkdir /var/run/aesmd' RUN bash -c 'chown -c ppid-tool /var/run/aesmd' # Preparing to build PCKIDRetrievalTool -From ppid-runtime +FROM sgx_sdk USER root WORKDIR ppid-tool @@ -91,6 +40,6 @@ COPY pce pce COPY main.c main.c COPY Makefile Makefile -RUN source /home/ppid-tool/linux-sgx/sgxsdk/environment && make +RUN source /opt/intel/sgxsdk/environment && make ENTRYPOINT bash From da80a71aed831163060a50dba3c83fb5337ad023 Mon Sep 17 00:00:00 2001 From: NikitaShyrei Date: Tue, 19 Nov 2024 15:47:53 +0100 Subject: [PATCH 08/12] - added build-time dependency - removed more unncesessary commands --- intel-sgx/ppid-decryption-tool/Dockerfile | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) 
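Review bot: The SDK installer is fetched with `wget`, made executable and run as root with no integrity check between download and execution, so the image's contents depend entirely on what the server returns at build time. Verify a pinned digest before running it, for example `RUN echo '<SDK_SHA256_PLACEHOLDER>  sgx_linux_x64_sdk_2.22.100.3.bin' | sha256sum -c -`, and fold download, check, install and removal of the installer into one `RUN`. The same applies to the 2.25 installer introduced in PATCH 08. In this hunk `apt-key add -` also places the Intel key in the global trust store, and the source line names `jammy` on an `ubuntu:24.04` base; PATCH 08 replaces both with the `signed-by` form.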
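Review bot: The final stage opened by `FROM sgx_sdk` keeps `USER root` and ends with the shell-form `ENTRYPOINT bash`, so the container's default process is a root shell even though a dedicated `ppid-tool` account is created in the first stage. If the tool does not need root at run time, switch with `USER ppid-tool` after the `make` step (giving that account ownership of the build output) and use the exec form `ENTRYPOINT ["/bin/bash"]`. `WORKDIR ppid-tool` is relative and resolves against the `/opt/intel` set earlier, so an absolute path would make the location explicit. The stage's remaining lines lie outside these two hunks.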
diff --git a/intel-sgx/ppid-decryption-tool/Dockerfile b/intel-sgx/ppid-decryption-tool/Dockerfile index 5fc8c6df..b39deb60 100644 --- a/intel-sgx/ppid-decryption-tool/Dockerfile +++ b/intel-sgx/ppid-decryption-tool/Dockerfile @@ -13,22 +13,25 @@ RUN apt-get update && apt-get install -y \ gnupg \ wget -RUN echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' > /etc/apt/sources.list.d/intel-sgx.list -RUN wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - -RUN apt-get update - # App build time dependencies +RUN apt-get update RUN apt-get install -y build-essential WORKDIR /opt/intel -RUN wget https://download.01.org/intel-sgx/sgx-linux/2.22/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.22.100.3.bin -RUN chmod +x sgx_linux_x64_sdk_2.22.100.3.bin -RUN echo 'yes' | ./sgx_linux_x64_sdk_2.22.100.3.bin +RUN wget https://download.01.org/intel-sgx/sgx-linux/2.25/distro/ubuntu24.04-server/sgx_linux_x64_sdk_2.25.100.3.bin +RUN chmod +x sgx_linux_x64_sdk_2.25.100.3.bin +RUN echo 'yes' | ./sgx_linux_x64_sdk_2.25.100.3.bin -# Setup aesmd service in container +# Install SGX runtime libraries USER root -RUN bash -c 'mkdir /var/run/aesmd' -RUN bash -c 'chown -c ppid-tool /var/run/aesmd' +RUN apt-get install -y sudo +RUN echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list +RUN wget https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key +RUN cat intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null +RUN apt-get update +RUN apt-get upgrade -y +RUN apt-get update +RUN apt-get install -y libsgx-urts # Preparing to build PCKIDRetrievalTool FROM sgx_sdk From 542c88ca2f3990c647a038f4539b613442a81799 Mon Sep 17 00:00:00 2001 
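Review bot: `sudo` is installed only so that `| sudo tee` can write two files, yet the stage is already under `USER root`, so the package adds a setuid binary to the image for no gain while the `ppid-tool` account sits in group `sudo`. Write the files directly, for example `RUN wget -qO /etc/apt/keyrings/intel-sgx-keyring.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key`, and drop `sudo` from the install; PATCH 11 moves the `sudo` install rather than removing it. The key is also trusted exactly as downloaded, so comparing its fingerprint with a pinned value (placeholder `<INTEL_SGX_KEY_FINGERPRINT>`) before it lands in the keyring would make the `signed-by` scoping meaningful. The earlier `mkdir /etc/apt/keyrings` is not carried over, so confirm the directory exists in the base image.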
From: NikitaShyrei Date: Tue, 19 Nov 2024 16:14:03 +0100 Subject: [PATCH 09/12] - fixed provisioning key --- intel-sgx/ppid-retrieval-tool/Enclave/ppid.config.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/intel-sgx/ppid-retrieval-tool/Enclave/ppid.config.xml b/intel-sgx/ppid-retrieval-tool/Enclave/ppid.config.xml index ef3435c3..9b96c358 100644 --- a/intel-sgx/ppid-retrieval-tool/Enclave/ppid.config.xml +++ b/intel-sgx/ppid-retrieval-tool/Enclave/ppid.config.xml @@ -1,6 +1,6 @@ 0 - 0 + 1 0x1 1 1 From 63509961ba792b3b07951801a9b632a9f35c4638 Mon Sep 17 00:00:00 2001 From: NikitaShyrei Date: Tue, 19 Nov 2024 17:26:33 +0100 Subject: [PATCH 10/12] - moved file into a proper place --- .../{ppid-decryption-tool => ppid-retrieval-tool}/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename intel-sgx/{ppid-decryption-tool => ppid-retrieval-tool}/Dockerfile (98%) diff --git a/intel-sgx/ppid-decryption-tool/Dockerfile b/intel-sgx/ppid-retrieval-tool/Dockerfile similarity index 98% rename from intel-sgx/ppid-decryption-tool/Dockerfile rename to intel-sgx/ppid-retrieval-tool/Dockerfile index b39deb60..f5bfb924 100644 --- a/intel-sgx/ppid-decryption-tool/Dockerfile +++ b/intel-sgx/ppid-retrieval-tool/Dockerfile @@ -45,4 +45,4 @@ COPY Makefile Makefile RUN source /opt/intel/sgxsdk/environment && make -ENTRYPOINT bash +ENTRYPOINT bash \ No newline at end of file From d09bf12f3fdd1f29fd23412f4133aaf0345bb264 Mon Sep 17 00:00:00 2001 From: NikitaShyrei Date: Thu, 21 Nov 2024 11:17:36 +0100 Subject: [PATCH 11/12] - code review changes --- intel-sgx/ppid-retrieval-tool/Dockerfile | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/intel-sgx/ppid-retrieval-tool/Dockerfile b/intel-sgx/ppid-retrieval-tool/Dockerfile index f5bfb924..0f89832a 100644 --- a/intel-sgx/ppid-retrieval-tool/Dockerfile +++ b/intel-sgx/ppid-retrieval-tool/Dockerfile 
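Review bot: The element names of `ppid.config.xml` did not survive on this page, so the hunk does not show which field goes from `0` to `1`; going by the commit subject it is presumably `ProvisionKey`. If so, the change grants the enclave access to the platform provisioning key, a privileged attribute that deserves an explanatory comment in the file, for example `<!-- ProvisionKey=1: needed for PPID retrieval; keep disabled in enclaves that do not require it -->`. It is also worth confirming that the container is given access to the SGX provisioning device only when this tool runs.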
@@ -1,4 +1,4 @@ -FROM ubuntu:24.04 as sgx_sdk +FROM ubuntu:24.04 AS sgx_sdk # Install user RUN useradd -rm -d /home/ppid-tool -s /bin/bash -g root -G sudo -u 1010 ppid-tool @@ -9,9 +9,10 @@ WORKDIR /home/ppid-tool # Install SGX Dev tools USER root -RUN apt-get update && apt-get install -y \ +RUN apt-get update && apt-get upgrade -y && apt-get install -y \ gnupg \ - wget + wget \ + sudo # App build time dependencies RUN apt-get update @@ -24,13 +25,9 @@ RUN echo 'yes' | ./sgx_linux_x64_sdk_2.25.100.3.bin # Install SGX runtime libraries USER root -RUN apt-get install -y sudo RUN echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list RUN wget https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key RUN cat intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null -RUN apt-get update -RUN apt-get upgrade -y -RUN apt-get update RUN apt-get install -y libsgx-urts # Preparing to build PCKIDRetrievalTool From d7b80cd753860b02035a464deea2384708f61926 Mon Sep 17 00:00:00 2001 From: NikitaShyrei Date: Thu, 21 Nov 2024 11:49:32 +0100 Subject: [PATCH 12/12] - build fix --- intel-sgx/ppid-retrieval-tool/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/intel-sgx/ppid-retrieval-tool/Dockerfile b/intel-sgx/ppid-retrieval-tool/Dockerfile index 0f89832a..c0e3489e 100644 --- a/intel-sgx/ppid-retrieval-tool/Dockerfile +++ b/intel-sgx/ppid-retrieval-tool/Dockerfile 
@@ -28,6 +28,7 @@ USER root RUN echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list RUN wget https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key RUN cat intel-sgx-deb.key | sudo tee /etc/apt/keyrings/intel-sgx-keyring.asc > /dev/null +RUN apt-get update RUN apt-get install -y libsgx-urts # Preparing to build PCKIDRetrievalTool